After some interesting issues at work, we have been concentrating on the patch management of the server infrastructure. Whilst we do use SMS 2003, I found that it just wasn’t performing as a useful tool to patch the servers, the ITMU just doesn’t do it for me! I am aware that this has improved vastly since the move to SCCM, however, the work that we have completed with BDD in SMS has been extensive and I’m not ready to migrate this.

Since SMS wasn’t making the grade, I looked at moving to WSUS… Now I hadn’t used WSUS since version 2 so I was a little sceptical until I installed it at home and had a play. The new interface is excellent, actually being available through and MMC rather than having to use a web browser and the use of SSRS make the reports very pretty and more importantly, useful.

So WSUS 3 has it all sewn up? Not quite. given that I look after an enterprise infrastructure with almost 300 servers, I could not have the servers restarting as WSUS saw fit. Looking through the group policy options available to support Windows updates I did notice the ‘No auto-restart for for scheduled Automatic Update installation options’ which doesn’t exactly do what it says on the tin, this only applies if a user is logged on at the time of the installation. As this wasn’t ideal we looked at alternatives and found an excellent script squirreled away on technet which downloads and installs approved updates from your WSUS server without the need for a restart (obviously the update isn’t effective until the server is restarted but it is nice to have the choice of when this takes place!).

For I = 0 To searchResult.Updates.Count-1
set update = searchResult.Updates.Item(I)
If update.IsDownloaded = true Then
WScript.Echo I + 1 & “> adding: ” & update.Title
updatesToInstall.Add(update)
End If
Next

With this script implemented as a scheduled task on each of my servers and the WSUS server used to approve updates in a phased approach this should form a comprehensive approach to patching with my infrastructure… We should be implementing this soon, we will see how well it goes.

P.S. For those eagle eyed members out there, we will be removing the user interaction from the script before we go live.